AMENDMENTS TO THE CLAIMS 



1. (Currently Amended) A record carrier comprising: 
a storage unit; 

a processor; 

a requisition receiving unit operable to receive, from a terminal device having the 
record carrier attached thereto, a requisition for access to the storage unit; 

an acquisition unit operable to acquire an access condition indicating whether or not 
the terminal device is authorized to access the storage unit; 

a judging unit operable to judge , using the processor, whether or not the requisition 
satisfies the access condition; and 

a prevention unit operable to prevent the access of the terminal device to the storage 
unit when the judging unit judges that the requisition does not satisfy the access condition. 

2. (Original) The record carrier of Claim 1, further comprising: 

an access condition storage unit operable to store the access condition, wherein 
the acquisition unit acquires the access condition from the access condition storage 

unit. 

3. (Original) The record carrier of Claim 2, wherein 

the access condition includes an identifier list including one or more identifiers which 
respectively identify one or more devices authorized to access the storage unit, 

the requisition includes a requiring device identifier for identifying the terminal 
device, and 

the judging unit judges that, (i) when an identifier matching the requiring device 
identifier is included in the identifier list, the requisition satisfies the access condition, and (ii) 
when an identifier matching the requiring device identifier is not included in the identifier list, 
the requisition does not satisfy the access condition. 

4. (Withdrawn) The record carrier of Claim 3, wherein 

the access condition includes an identifier list including one or more identifiers and 
one or more sets of number information which correspond one-to-one with the identifiers 
respectively, the one or more identifiers identifying one or more devices authorized to access 
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the storage unit, each set of number information indicating a count of accesses available for 
the corresponding device to access the storage unit, 

the requisition includes a requiring device identifier for identifying the terminal 

device, 

the judging unit includes: 

a holding unit operable to hold a count of accesses indicating how many times 
the terminal device has accessed the storage unit; 

a 1st judging subunit operable to judge whether or not an identifier matching 
the requiring device identifier is included in the identifier list; and 

a 2nd judging subunit operable to judge, when the 1st judging subunit judges 
that the matching identifier is included, whether or not a count indicated by a set of number 
information corresponding to the matching identifier is larger than the count of accesses held 
by the holding unit, and 

the judging unit judges that, (i) when either one of a judgment result by the 1st judging 
subunit and a judgment result by the 2nd judging subunit is negative, the requisition does not 
satisfy the access condition, and (ii) when both the judgment results are positive, the 
requisition satisfies the access condition. 

5. (Withdrawn) The record carrier of Claim 3, wherein 

the access condition includes an identifier list including one or more identifiers and 

one or more sets of period information which correspond one-to-one with the identifiers 

respectively, the one or more identifiers identifying one or more devices authorized to access 

the storage unit, each set of period information indicating a time period available for the 

corresponding device to access the storage unit, 

the requisition includes a requiring device identifier for identifying the terminal 

device, and 

the judging unit includes: 

a time managing unit operable to manage a current date and time; 

a 1st judging subunit operable to judge whether or not an identifier matching 

the requiring device identifier is included in the identifier list; and 

a 2nd judging subunit operable to judge, when the 1st judging subunit judges 

that the matching identifier is included, whether or not the current time is within a time period 

indicated by a set of period information corresponding to the matching identifier, and 

the judging unit judges that, (i) when either one of a judgment result by the 1st judging 
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subunit and a judgment result by the 2nd judging subunit is negative, the requisition does not 
satisfy the access condition, and (ii) when both the judgment results are positive, the 
requisition satisfies the access condition. 

6. (Withdrawn) The record carrier of Claim 3, wherein 
the storage unit includes a plurality of memory blocks, 

the access condition includes an identifier list including one or more identifiers and 
one or more sets of memory block information, which correspond one-to-one with the 
identifiers respectively identifying one or more devices authorized to access the storage unit, 
the sets of memory block information each indicating one or more of the memory blocks 
available for each of the corresponding devices to access, 

the requisition includes a requiring device identifier for identifying the terminal device 
and memory block specifying information for specifying one of the memory blocks, and 

the judging unit includes: 

a 1st judging subunit operable to judge whether or not an identifier matching 
the requiring device identifier is included in the identifier list; and 

a 2nd judging subunit operable to judge, when the 1st judging subunit judges 
that the matching identifier is included, whether or not the memory block specified by the 
memory block specifying information is included in the one or more of the memory blocks 
indicated by a set of the memory block information corresponding to the matching identifier, 
and 

the judging unit judges that, (i) when either one of a judgment result by the 1st judging 
subunit and a judgment result by the 2nd judging subunit is negative, the requisition does not 
satisfy the access condition, and (ii) when both the judgment results are positive, the 
requisition satisfies the access condition. 

7. (Previously Presented) The record carrier of Claim 3, wherein 
the storage unit stores one or more sets of program data, 

the access condition includes an identifier list including one or more identifiers and 

one or more sets of program information, which correspond one-to-one with the identifiers 

respectively identifying one or more devices authorized to access the storage unit, the sets of 

program information each indicating one or more sets of the program data available for each 

of the corresponding devices to access, 

the requisition includes a requiring device identifier for identifying the terminal device 
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and program specifying information for specifying one set of the program data, and 

the judging unit includes: 

a 1st judging subunit operable to judge whether or not an identifier matching 
the requiring device identifier is included in the identifier list; and 

a 2nd judging subunit operable to judge, when the 1st judging subunit judges 
that the matching identifier is included, whether or not the set of program data specified by 
the program specifying information is included in the one or more sets of the program data 
indicated by a set of the program information corresponding to the matching identifier, and 

the judging unit judges that, (i) when either one of a judgment result by the 1st judging 
subunit and a judgment result by the 2nd judging subunit is negative, the requisition does not 
satisfy the access condition, and (ii) when both the judgment results are positive, the 
requisition satisfies the access condition. 

8. (Withdrawn) The record carrier of Claim 3, wherein 

the access condition includes (i) an identifier list including one or more identifiers 
which respectively identify one or more devices authorized to access the storage unit, and (ii) 
a biometrics list including one or more sets of biometric information for respectively 
identifying one or more users authorized to access the storage unit, 

the requisition includes a requiring device identifier for identifying the terminal device 
and operator biometric information indicating biometric information of an operator of the 
terminal device, and 

the judging unit includes: 

a 1st judging subunit operable to judge whether or not an identifier matching 
the requiring device identifier is included in the identifier list; and 

a 2nd judging subunit operable to judge, when the 1st judging subunit judges 
that the matching identifier is included, whether or not a set of the biometric information 
corresponding to the operator biometric information is included in the biometrics list, and 

the judging unit judges that, (i) when either one of a judgment result by the 1st judging 
subunit and a judgment result by the 2nd judging subunit is negative, the requisition does not 
satisfy the access condition, and (ii) when both the judgment results are positive, the 
requisition satisfies the access condition. 

9. (Withdrawn) The record carrier of Claim 3, wherein 

the access condition includes (i) an identifier list including one or more identifiers 
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which respectively identify one or more devices authorized to access the storage unit, and (ii) 
a password list including one or more sets of password information respectively specified by 
one or more users authorized to access the storage unit, 

the requisition includes a requiring device identifier for identifying the terminal device 
and an entry password entered by an operator of the terminal device, and 

the judging unit includes: 

a 1st judging subunit operable to judge whether or not an identifier matching 
the requiring device identifier is included in the identifier list; and 

a 2nd judging subunit operable to judge whether or not a password indicated 
by a set of password information corresponding to the entry password is included in the 
password list, and 

the judging unit judges that, (i) when either one of a judgment result by the 1st 
judging subunit and a judgment result by the 2nd judging subunit is negative, the requisition 
does not satisfy the access condition, and (ii) when both the judgment results are positive, the 
requisition satisfies the access condition. 

10. (Original) The record carrier of Claim 2, further comprising: 

an access condition accepting unit operable to accept the access condition from a 
terminal device having the record carrier attached thereto; and 

an access condition registration unit operable to register, when the terminal device is 
authorized, the access condition with the access condition storage unit. 

11. (Original) The record carrier of Claim 10, wherein 
the access condition registration unit includes: 

a 1st key information holding unit holds 1st key information shared with the 
authorized terminal device; and 

an output unit operable to output challenge data to the terminal device having 
the record carrier attached thereto; and 

an examination unit operable to receive response data from the terminal device 
having the record carrier attached thereto and examine the received response data, 

and the access condition registration unit authenticates that, when, as a result of the 
examination, the response data is verified as data generated by using the challenge data and 
the 1 st key information, the terminal device having the record carrier attached thereto is the 
authorized terminal device. 
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12. (Original) The record carrier of Claim 11, wherein 

the access condition accepting unit accepts the access condition which has been 
encrypted using an access condition encryption key, and 

the access condition registration unit decrypts the encrypted access condition 
based on the access condition encryption key, and registers the decrypted access 
condition with the access condition storage unit. 

13. (Original) The record carrier of Claim 12, wherein 

the access condition accepting unit further accepts signature data generated based 
on the access condition, and 

the access condition registration unit examines the signature data using a 
verification key relevant to the authorized terminal device, and registers, when the 
signature data is successfully verified, the decrypted access condition with the access 
condition storage unit. 

14. (Original) The record carrier of Claim 13, wherein 

the access condition includes an identifier list including one or more identifiers 
which respectively identify one or more devices authorized to access the storage unit. 

15. (Withdrawn) The record carrier of Claim 14, wherein 
the access condition includes an identifier list, 

the identifier list comprises one or more identifiers and one or more sets of 
number information which correspond one-to-one with the identifiers, 

the one or more identifiers respectively identify one or more devices authorized to 
access the storage unit, and 

each set of number information indicates a count of accesses available for the 
corresponding devices to access the storage unit. 

16. (Withdrawn) The record carrier of Claim 14, wherein 
the access condition includes an identifier list, 

the identifier list comprises one or more identifiers and one or more sets of period 

information which correspond one-to-one with the identifiers, 
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the one or more identifiers respectively identify one or more devices authorized to 
access the storage unit, and 

each set of period information respectively indicates a time period available for 
the corresponding device to access the storage unit. 

17. (Withdrawn) The record carrier of Claim 14, wherein 
the storage unit comprises a plurality of memory blocks, 
the access condition includes an identifier list, 

the identifier list comprises one or more identifiers and one or more sets of 
memory block information, which correspond one-to-one with the identifiers, 

the identifiers respectively identify one or more devices authorized to access the 
storage unit, and 

the sets of memory block information each indicate one or more of the memory 
blocks available for each of the corresponding devices to access. 

18. (Previously Presented) The record carrier of Claim 14, wherein 
the storage unit stores one or more sets of program data, 

the access condition includes an identifier list, 

the identifier list comprises one or more identifiers and one or more sets of 
program information, which correspond one-to-one with the identifiers, 

the identifiers respectively identify one or more devices authorized to access the 
storage unit, and 

the sets of program information each indicate one or more sets of the program 
data available for each of the corresponding devices to access. 

19. (Withdrawn) The record carrier of Claim 14, wherein 

the access condition includes an identifier list and a biometrics list, 

the identifier list comprises one or more identifiers respectively identifying one 

or more devices authorized to access the storage unit, and 

the biometrics list comprises one or more sets of biometric information for 

respectively identifying one or more users authorized to access the storage unit. 
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20. (Withdrawn) The record carrier of Claim 14, wherein 

the access condition includes an identifier list and a password list, 

the identifier list comprises one or more identifiers respectively identifying one or 

more devices authorized to access the storage unit, and 

the password list comprises one or more sets of password information 

respectively specified by one or more users authorized to access the storage unit. 

21. (Original) The record carrier of Claim 2, further comprising: 

a deletion requisition receiving unit operable to receive, from the terminal device 
having the record carrier attached thereto, a requisition for deletion of the access 
condition stored by the access condition storage unit, 

an authentication unit operable to authenticate whether or not the terminal device 
is authorized, and 

an access condition deletion unit operable to delete, when the authentication unit 
authenticates that the terminal device is authorized, the access condition from the access 
condition storage unit according to the requisition. 

22. (Original) The record carrier of Claim 2, further comprising: 

an update requisition receiving unit operable to receive, from the terminal device 
having the record carrier attached thereto, a requisition for update of the access condition 
stored by the access condition storage unit, 

an authentication unit operable to authenticate whether or not the terminal device 
is authorized, and 

an access condition update unit operable to update, when the authentication unit 
authenticates that the terminal device is authorized, the access condition according to the 
requisition. 

23. (Currently Amended) The record carrier of Claim 1, further comprising: 
a communication unit operable to communicate with an access condition 

management server connected via a network, wherein 

the access condition management server manages, in one-to-one correspondence, 

(i) identification information pieces that respectively identify a plurality of record carriers 
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including the record carrier, and (ii) a plurality of access conditions including the access 
condition, 

the acquisition unit (i) transmits one of the identification information pieces that 
identifies the record carrier to the access condition management server via the 
communication unit, and (ii) acquires the access condition corresponding to the one of 
the identification information pieces from the access condition management server via 
the communication unit, 

the access condition includes an identifier list including one or more identifiers 
which respectively identify one or more devices authorized to access the storage unit, 

the requisition includes a requiring device identifier for identifying the terminal 
device, and 

the judging unit judges that, (i) when an identifier matching the requiring device 
identifier is included in the identifier list, the requisition satisfies the access condition, 
and (ii) when an identifier matching the requiring device identifier is not included in the 
identifier list, the requisition does not satisfy the access condition . 

24. (Original) The record carrier of Claim 23, 

wherein the acquisition unit acquires from the access condition management 
server via the communication unit, along with the access condition, signature data 
generated based on the access condition, and 
the record carrier further comprising: 

a tamper detection unit operable to examine the signature data using a 
verification key relevant to the access condition management server, and detect whether 
or not the access condition has been tampered; and 

a prohibition unit operable to prohibit, when the tamper detection detects 
that the access condition has been tampered, the judging unit from judging. 

25. (Cancelled) 

26. (Withdrawn - Currently Amended) The record carrier of Claim 25 Claim 
24 , wherein 

the access condition includes an identifier list including one or more identifiers 
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and one or more sets of number information which correspond one-to-one with the 
identifiers respectively, the one or more identifiers identifying one or more devices 
authorized to access the storage unit, each set of number information indicating a count 
of accesses available for the corresponding device to access the storage unit, 

the requisition includes a requiring device identifier for identifying the terminal 

device, 

the judging unit includes: 

a holding unit operable to hold a count of accesses indicating how many 
times the terminal device has accessed the storage unit; 

a 1st judging subunit operable to judge whether or not an identifier 
matching the requiring device identifier is included in the identifier list; and 

a 2nd judging subunit operable to judge, when the 1st judging subunit 
judges that the matching identifier is included, whether or not a count indicated by a set 
of number information corresponding to the matching identifier is larger than the count of 
accesses held by the holding unit, and 

the judging unit judges that, (i) when either one of a judgment result by the 1 st 
judging subunit and a judgment result by the 2nd judging subunit is negative, the 
requisition does not satisfy the access condition, and (ii) when both the judgment results 
are positive, the requisition satisfies the access condition. 

27. (Withdrawn - Currently Amended) The record carrier of Claim 25 Claim 
24, wherein 

the access condition includes an identifier list including one or more identifiers 
and one or more sets of period information which correspond one-to-one with the 
identifiers respectively, the one or more identifiers identifying one or more devices 
authorized to access the storage unit, each set of period information indicating a time 
period available for the corresponding device to access the storage unit, 

the requisition includes a requiring device identifier for identifying the terminal 
device, and 

the judging unit includes: 

a time managing unit operable to manage a current date and time; 
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a 1st judging subunit operable to judge whether or not an identifier 
matching the requiring device identifier is included in the identifier list; and 

a 2nd judging subunit operable to judge, when the 1st judging subunit 
judges that the matching identifier is included, whether or not the current time is within a 
time period indicated by a set of period information corresponding to the matching 
identifier, and 

the judging unit judges that, (i) when either one of a judgment result by the 1 st 
judging subunit and a judgment result by the 2nd judging subunit is negative, the 
requisition does not satisfy the access condition, and (ii) when both the judgment results 
are positive, the requisition satisfies the access condition. 

28. (Withdrawn - Currently Amended) The record carrier of Claim 25 Claim 
24, wherein 

the storage unit comprises a plurality of memory blocks, 

the access condition includes an identifier list including one or more identifiers 
and one or more sets of memory block information, which correspond one-to-one with 
the identifiers respectively identifying one or more devices authorized to access the 
storage unit, the sets of memory block information each indicating one or more of the 
memory blocks available for each of the corresponding devices to access, 

the requisition includes a requiring device identifier for identifying the terminal 
device and memory block specifying information for specifying one of the memory 
blocks, and 

the judging unit includes: 

a 1st judging subunit operable to judge whether or not an identifier 
matching the requiring device identifier is included in the identifier list; and 

a 2nd judging subunit operable to judge, when the 1st judging subunit 
judges that the matching identifier is included, whether or not the memory block 
specified by the memory block specifying information is included in the one or more of 
the memory blocks indicated by a set of the memory block information corresponding to 
the matching identifier, 

and judges that, (i) when either one of a judgment result by the 1st judging 

subunit and a judgment result by the 2nd judging subunit is negative, the requisition does 
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not satisfy the access condition, and (ii) when both the judgment results are positive, the 
requisition satisfies the access condition. 



29. (Currently Amended) The record carrier of Claim 25 Claim 24 , wherein 
the storage unit stores one or more sets of program data, 

the access condition includes an identifier list including one or more identifiers 
and one or more sets of program information, which correspond one-to-one with the 
identifiers respectively identifying one or more devices authorized to access the storage 
unit, the sets of program information each indicating one or more sets of the program data 
available for each of the corresponding devices to access, 

the requisition includes a requiring device identifier for identifying the terminal 
device and program specifying information for specifying one set of the program data, 
and 

the judging unit includes: 

a 1st judging subunit operable to judge whether or not an identifier 
matching the requiring device identifier is included in the identifier list; and 

a 2nd judging subunit operable to judge, when the 1st judging subunit 
judges that the matching identifier is included, whether or not the set of program data 
specified by the program specifying information is included in the one or more sets of the 
program data indicated by a set of the program information corresponding to the 
matching identifier, 

and judges that, (i) when either one of a judgment result by the 1st judging 
subunit and a judgment result by the 2nd judging subunit is negative, the requisition does 
not satisfy the access condition, and (ii) when both the judgment results are positive, the 
requisition satisfies the access condition. 

30. (Withdrawn - Currently Amended) The record carrier of Claim 25 Claim 
24, wherein 

the access condition includes (i) an identifier list including one or more identifiers 

which respectively identify one or more devices authorized to access the storage unit, and 

(ii) a biometrics list including one or more sets of biometric information for respectively 

identifying one or more users authorized to access the storage unit, 
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the requisition includes a requiring device identifier for identifying the terminal 
device and operator biometric information indicating biometric information of an 
operator of the terminal device, and 

the judging unit includes: 

a 1st judging subunit operable to judge whether or not an identifier 
matching the requiring device identifier is included in the identifier list; and 

a 2nd judging subunit operable to judge, when the 1st judging subunit 
judges that the matching identifier is included, whether or not a set of the biometric 
information corresponding to the operator biometric information is included in the 
biometrics list, 

and judges that, (i) when either one of a judgment result by the 1st judging 
subunit and a judgment result by the 2nd judging subunit is negative, the requisition does 
not satisfy the access condition, and (ii) when both the judgment results are positive, the 
requisition satisfies the access condition. 

31. (Withdrawn - Currently Amended) The record carrier of Claim 25 Claim 
24, wherein 

the access condition includes (i) an identifier list including one or more identifiers 
which respectively identify one or more devices authorized to access the storage unit, and 
(ii) a password list including one or more sets of password information respectively 
specified by one or more users authorized to access the storage unit, 

the requisition includes a requiring device identifier for identifying the terminal 
device and an entry password entered by an operator of the terminal device, and 

the judging unit includes: 

a 1st judging subunit operable to judge whether or not an identifier 
matching the requiring device identifier is included in the identifier list; and 

a 2nd judging subunit operable to judge whether or not a password 
indicated by a set of password information corresponding to the entry password is 
included in the password list, 

and judges that, (i) when either one of a judgment result by the 1st judging 
subunit and a judgment result by the 2nd judging subunit is negative, the requisition does 
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not satisfy the access condition, and (ii) when both the judgment results are positive, the 
requisition satisfies the access condition. 

32. (Original) The record carrier of Claim 23, wherein 

the acquisition unit acquires, each time when the requisition receiving unit 
receives the requisition, the access condition from the access condition management 
server. 

33. (Original) The record carrier of Claim 23, wherein 

the acquisition unit acquires the access condition from the access condition 
management server at predetermined time intervals. 

34. (Original) The record carrier of Claim 23, wherein 

the acquisition unit acquires, when it is detected that the record carrier is attached 
to a terminal device, the access condition from the access condition management server. 

35. (Currently Amended) A data protection system comprising: 
a record carrier including: 

a storage unit, 
a processor, 

a requisition receiving unit operable to receive, from a terminal device 
having the record carrier attached thereto, a requisition for access to the storage unit, 

an access condition storage unit operable to store an access condition 
indicating whether or not the terminal device is authorized to access the storage unit, 

a judging unit operable to judge , using the processor, whether or not the 
requisition satisfies the access condition, and 

a prevention unit operable to prevent the access to the storage unit when 
the judging unit judges the requisition does not satisfy the access condition; and 
a terminal device including: 

a record carrier interface operable to attach the record carrier thereto, 

an access requisition generation unit operable to generate the requisition of 
the record carrier to the storage unit, and 
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an access requisition output unit operable to output, to the record carrier, 
the generated requisition for access. 

36. (Currently Amended) The data protection system of Claim 35, further 
comprising: 

an access condition registration management server including: operable to register 
the access condition with the access condition storage unit of the record carrier via the 
terminal device having the record carrier attached thereto. 

a storage unit storing therein, in one-to-one correspondence, (i) identification 
information pieces that respectively identify a plurality of record carriers including the 
record carrier, and (ii) a plurality of access conditions including the access condition; 

a reception unit operable to receive, from the terminal device having the record 
carrier attached thereto, one of the identification information pieces that identifies the 
record carrier; and 

a registration unit operable to register the access condition corresponding to the 
received one of the identification information pieces with the access condition storage 
unit of the record carrier via the terminal device having the record carrier attached 
thereto. 

37. (Currently Amended) A data protection system comprising: 
a record carrier including, including: 

a storage unit, 
a processor, 

a requisition receiving unit operable to receive, from a terminal device 
having the record carrier attached thereto, a requisition for access to the storage unit, 

an access condition storage unit operable to store an access condition 
indicating whether or not the terminal device is authorized to access the storage unit, 

a judging unit operable to judge , using the processor, whether or not the 
requisition satisfies the access condition, and 

a prevention unit operable to prevent the access to the storage unit when 

the judging unit judges the requisition does not satisfy the access condition; 

a terminal device including j ncluding: 
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a record carrier interface operable to attach the record carrier thereto, 

an access requisition generation unit operable to generate the requisition of 

the record carrier to the storage unit, and 

an access requisition output unit operable to output, to the record carrier, 

the generated requisition for access; and 

an access condition management server connected, via a network, with the 

terminal device having the record carrier attached thereto, including j ncluding: 

an access condition storage unit operable to store the access condition, and 
an access condition transmission unit operable to transmit the access 

condition to the record carrier via the terminal device having the record carrier attached 

thereto. 

38. (Currently Amended) A data protection method used by a record carrier 
including a storage unit and an access condition storage unit, comprising the steps of: 

(a) receiving, from a terminal device having the record carrier attached thereto, a 
requisition for access to the storage unit; 

(b) acquiring, from the access condition storage unit, an access condition 
indicating whether or not the terminal device is authorized to access the storage unit; 

(c) judgin g, using a processor, whether or not the requisition satisfies the access 
condition; and 

(d) preventing the access to the storage unit when the step (c) judges that the 
requisition does not satisfy the access condition. 

39. (Currently Amended) A non-transitory computer readable recording medium 
on which a data protection program used by a record carrier including a storage unit and 
an access condition storage unit is recorded , the data protection program causing the 
record carrier to perform a method comprising the steps of: 

(a) receiving, from a terminal device having the record carrier attached thereto, a 
requisition for access to the storage unit; 

(b) acquiring, from the access condition storage unit, an access condition 
indicating whether or not the terminal device is authorized to access the storage unit; 

(c) judgin g, using a processor, whether or not the requisition satisfies the access 

17 



condition; and 

(d) preventing the access to the storage unit when the step (c) judges that the 
requisition does not satisfy the access condition. 

40. (Currently Amended) A data protection method used by a record carrier 
including a communication unit and a storage unit, comprising the steps of: 

(a) receiving, using a processor, from a terminal device having the record carrier 
attached thereto, a requisition for access to the storage unit; 

(b) communicating with an access condition management server connected via a 
network; 

(4) (b) transmitting an identification information piece that identifies the record 
carrier to an access condition management server via the communication unit, and 
acquiring from the access condition management server , as a result of the stop (b), an 
access condition corresponding to the identification information piece via the 
communication unit, the access condition indicating whether or not the terminal device is 
authorized to access the storage uni fe unit, the access condition management server 
managing, in one-to-one correspondence, (i) identification information pieces that 
respectively identify a plurality of record carriers including the record carrier, and (ii) a 
plurality of access conditions including the access condition; 

(4) -(c) j udging whether or not the requisition satisfies the access condition; and 

(e) -{d)preventing the access to the storage unit when the step (d){c) judges that the 
requisition does not satisfy the access condition, wherein condition. 

the access condition includes an identifier list including one or more identifiers 
which respectively identify one or more devices authorized to access the storage unit, 

the requisition includes a requiring device identifier for identifying the terminal 
device, and 

the step (c) judges that, (i) when an identifier matching the requiring device 
identifier is included in the identifier list, the requisition satisfies the access condition, 
and (ii) when an identifier matching the requiring device identifier is not included in the 
identifier list, the requisition does not satisfy the access condition . 

41. (Currently Amended) A non-transitory computer-readable recording medium 
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on which a data protection program used by a record carrier including a communication 
unit and a storage unit is recorded , the data protection program causing the record carrier 
to perform a method comprising the steps of: 

(a) receiving, from a terminal device having the record carrier attached thereto, a 
requisition for access to the storage unit; 

(b) communicating with an access condition management server connected via a 
network; 

fe4 (b) transmitting an identification information piece that identifies the record 
carrier to an access condition management server via the communication unit, and 
acquiring from the access condition management server , as a result of the stop (b), an 
access condition corresponding to the identification information piece via the 
communication unit, the access condition indicating whether or not the terminal device is 
authorized to access the storage um frunit, the access condition management server 
managing, in one-to-one correspondence, (i) identification information pieces that 
respectively identify a plurality of record carriers including the record carrier, and (ii) a 
plurality of access conditions including the access condition; 

(d) (c) judgin g, using a processor, whether or not the requisition satisfies the 
access condition; and 

(e) (d) p reventing the access to the storage unit when the step (d) (c) j udges that 
the requisition does not satisfy the access condition. condition, wherein 

the access condition includes an identifier list including one or more identifiers 
which respectively identify one or more devices authorized to access the storage unit, 

the requisition includes a requiring device identifier for identifying the terminal 
device, and 

the step (c) judges that, (i) when an identifier matching the required device 
identifier is included in the identifier list, the requisition satisfies the access condition, 
and (ii) when an identifier matching the requiring device identifier is not included in the 
identifier list, the requisition does not satisfy the access condition. 



19 



